Critical Update: Drupal Security Advisory for Coffee Module

The Drupal Security Team issued a security advisory on February 28, 2024, for the Coffee module, rating the vulnerability as moderately critical with a score of 13/25. The module, designed to speed up navigation through Drupal admin menus, does not adequately sanitize menu names, which creates a Cross-Site Scripting (XSS) risk. The issue affects versions prior to 1.4.0, and an attacker must have administrative menu permissions to exploit it. The flaw was reported by Patrick Fey and fixed by developers Michael Mol, Klaus Purer, and Oliver Köhler. Drupal administrators using Coffee on Drupal 10 are urged to update to version 8.x-1.4 to mitigate the risk. Greg Knaddison of the Drupal Security Team coordinated the advisory.

Disclosure: This content is produced with the assistance of AI.
